When it comes to vulnerability scanning, there are some terms that are often confused and can easily lead to misunderstandings. In the worst case, it can even cost you a lot of money. Therefore, here my attempt to create some clarity. On top of that, there are some practical recommendations which IT security tests make sense for you.
Definition: Vulnerability Scan
A vulnerability scan is an examination of a computer network with the help of special software tools. The aim is to detect known vulnerabilities so that they can be remedied as quickly as possible. For this purpose, the information collected during the scan is compared against a vulnerability database and a corresponding vulnerability report is generated. The vulnerabilities found can then be patched. One distinguishes between internal and external vulnerability scans. The external vulnerability scan collects information about the external IP addresses and can provide for example information about open ports. The internal vulnerability scan is performed within the network and aims to detect configuration errors, weak passwords, etc.
Differentiation from Vulnerability Assessment
Strictly speaking, vulnerability scanning refers only to the automated scanning of target objects. A scan is therefore only part of a so-called vulnerability assessment. The raw scan results are placed in the business context and professionally evaluated so that a detailed and comprehensive assessment of your security level is possible. In addition, manual methods are often used. This increases the accuracy of the scan results. This requires the corresponding work of an IT security analyst. As a result, a vulnerability assessment provides you with insight into how resistant your internal and external infrastructure is against cyber attacks. A vulnerability assessment remains an analysis that focuses on the potential attack surface of your company. A vulnerability assessment is rather „broad-based“ than „in-depth“.
Differentiation from Penetration Testing
A penetration test goes one step further than vulnerability assessment because it also includes an exploit phase. In this phase, the penetration tester makes active intrusion attempts and tries to find out whether and how the vulnerabilities found can be exploited. Thus, the broad vulnerability analysis is enriched with this deeper component. The professional penetration test is thus the most complex and at the same time the most comprehensive IT security test.
Differentiation from Vulnerability Management
I still owe you one last explanation: Vulnerability Management. In contrast to a once-off vulnerability scan or vulnerability analysis, vulnerability management is a holistic, continuous approach. Vulnerabilities are cyclically detected, classified, prioritised and eliminated. With continuous scans, one can expect a far greater benefit, since one can continuously collect key data, determine trends and identify recurring vulnerabilities. Consequently, it is possible to derive measures that will lead to fewer weak points in the long term.
When do I need what?
A single vulnerability scan is a quick way to get a snapshot of a limited number of known vulnerabilities in your network. It is inexpensive and can even be run by yourself if you use the appropriate tools. However, it only gives you a limited degree of context. A proper vulnerability analysis closes this gap. It makes sense to perform it cyclically. Many compliance regulations, such as PCI DSS or ISO 27001, also require it. The shorter the intervals, the shorter the time window in which unresolved vulnerabilities can be exploited by hackers. The ideal solution is certainly the use of a Vulnerability Management as-a-Service solution. A specialized IT service provider will cover the entire cycle of professional vulnerability management for you. It is also advisable to carry out penetration tests at regular intervals. These are particularly useful when major changes are to occur in your network.
Conclusion on the Vulnerability Scan
Vulnerability scanning, vulnerability assessment, vulnerability management and penetration testing all revolve around uncovering security vulnerabilities. Since the terms are not always used uniformly and e.g. a simple vulnerability scan is sold as a vulnerability assessment, or a penetration test is in reality only a vulnerability analysis, it is important to investigate what exactly the content of the advertised services is.
If you are interested in our Vulnerability Management as-a-Service offer, please contact us for a prompt and non-binding quotation.